Skip to content
8foldgovernance master
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • Services
    • AI Governance
    • Medical Devices
      • Regulatory Roadmap
      • ISO 13485 Design & Build your QMS
      • Quality Management as a Service
      • Technical File Creation & Registration
      • UK Responsible Person
      • Post Market Surveillance
    • International Standards
      • ISO 13485 Certification
      • ISO 42001 Certification
      • ISO 9001 Certification
      • ISO 27001 Certification
    • DTAC
      • DTAC Management
    • Information Governance
      • Data Security & Protection (DSPT)
      • DSPT Audit
      • HIPAA Compliance
    • Clinical Safety and Risk Management
      • DCB0129
      • DCB0160
      • Clinical Safety Officers (CSO)
    • CQC Services
      • CQC Compliance Assessment
      • CQC Registration Support
      • CQC-as-a-Service
      • CQC Regulatory Review & Strategy
    • Cyber Security
    • Governance, Risk & Compliance Advisory
    • 8foldTraining
  • About
    • Meet the Team
    • Partnerships
    • Join Us
  • Blog
  • Case Studies
  • Contact
  • +44 (0)1273 569172
Book a Call

← From our blog

Understanding ISO Standards and Certifications

  • Published: September 5, 2024
  • Category: International Standards

Share this post

Avatar photo
Lily Stevens

Share this post

Are all ISO certifications created equal? 

When it comes to ISO certifications, it is easy to assume that they are all equal, as long as they bear the coveted ‘ISO’ label. However, the reality is more nuanced than that. International Standards, such as those developed by the International Organisation for Standardisation (ISO), are designed to promote global consistency, quality and efficiency across a range of industries and practices. While these standards themselves are rigorously formulated and agreed upon internationally, the certification process that confirms an organisation’s compliance with these standards can vary significantly. Factors such as the accrediting body, the credibility of the certification body and the specific requirements of different industries can all influence the value and recognition of an ISO certificate. Understanding these differences is crucial for organisations seeking certification to ensure they achieve the intended benefits of credibility and market acceptance.  Written by our Account Manager Lily Stevens and Head of Quality and Regulatory, Daniel Mannion, this blog aims to explain the nuances of ISO certification and help organisations make the right investments in certification.   

What are International Standards?

International standards are internationally agreed-upon guidelines and best practices that address a wide range of subjects, including but not limited to quality management, environmental management, information security, and occupational health and safety. They have been developed by international organisations to promote consistency, compatibility and efficiency worldwide with each standard being developed through a rigorous consensus-based process.  The most prevalent of these organisations responsible for developing standards is the International Organisation for Standardisation more commonly known as ISO.   

What is a Management System Standard?

Management System Standards are a specific set of ISO standards that address how to run an organisation to achieve particular goals (e.g. ISO 9001 or ISO 13485 for quality management, ISO 14001 for environmental management, or ISO 27001 for information security management). These are some of the most common management system standards encountered in a healthcare environment due to their applicability to Medical Device manufacturing or the preservation of patient-identifiable data.  Whilst some are not mandatory requirements for doing business anywhere in the world, businesses that make regulated Medical Devices will be required to be certified against Management System Standards such as ISO 13485. Only organisations (not products) can be certified against a Management System Standard and whilst there are a few exceptions, they are the most common standards which businesses will choose to be certified against.    

What is ISO Certification?

Certification is a formal process by which an independent, accredited body (not ISO itself) verifies that an organisation’s management system complies with the requirements of a specific ISO standard. Certification provides evidence that the organisation has implemented and maintains effective systems and processes in line with international best practices and the principles of the standard.  

How does ISO Certification work?

A certification body is an independent organisation that is accredited to evaluate whether a company, organisation, or system complies with the specific requirements of an ISO Management System standard. A certification body will provide:  Assessment and Auditing: Certification bodies conduct audits and assessments of organisations to ensure their management systems meet the requirements of the relevant ISO Management System Standard. Certification Issuance: If the organisation successfully meets the standard’s requirements, the certification body issues a certificate. This certificate serves as “formal”/independent recognition that the organisation’s management system complies with the specific ISO standard. Surveillance Audits: After issuing the certification, certification bodies conduct regular surveillance audits -usually annually – to ensure the organisation continues to comply with the standard. Re-certification Audits: Typically conducted every three years, re-certification audits are more comprehensive than surveillance audits and are designed to confirm ongoing compliance with the standard over the certification cycle. Independence and Impartiality: Certification bodies must operate independently from the organisations they audit to maintain objectivity and credibility. They are often accredited by national or international accreditation bodies that ensure the certification body’s competence, impartiality, and performance.  

Accreditation and Certification Bodies

Certification bodies themselves are accredited organisations and are usually accredited by an accreditation body, which is a government-regulated or internationally recognised organisation that certifies the competency of the certification bodies. This double-layered approach—where accreditation bodies oversee certification bodies—helps maintain the integrity and trustworthiness of ISO certifications globally.  

UKAS and UK Regulations:

In the UK, the United Kingdom Accreditation Service (UKAS) is the sole national accreditation body*. UKAS was appointed by the UK Government Department of Business, Innovation and Skills (now replaced by other Departments) in 2009 under the Accreditation Regulations 2009. This appointment empowers UKAS to accredit certification bodies in the UK for management system standards certification, among other activities. This also means that the UK public sector (including its suppliers) and regulated industries (like medical devices) should and often do only accept certificates issued by UKAS-accredited certification bodies (or equivalent under the IAF as per below) as valid certificates. This is also common practice in the private sector. *Except for the UK government cyber security scheme Cyber Essentials, which is accredited by IASME.  

EU Regulations and IAF

The European Union established a similar framework to the UK with Regulation (EC) 765/2008, which provides a legal basis for accreditation services across Europe. This regulation requires each EU member state to appoint a single national accreditation body, equivalent to UKAS in the UK. The International Accreditation Forum (IAF) is a global association of accreditation bodies, including UKAS from the UK as well as EU, US, Canadian and Japanese to a total of 84 accreditation bodies. Each country’s recognised accreditation body for Management Systems are allowed to join the IAF as long as they agree to mutual recognition of accreditation and certification (called the IAF MLA).. This international recognition ensures that accreditations from certification bodies that are members of the IAF (like UKAS) are respected worldwide as equivalent to the certification bodies accredited by local accreditation bodies – for example, certificates from certification bodies accredited by the UK accreditation body (UKAS) should be accepted by German public organisations as equivalent to certificates from certification bodies accredited by the German accreditation body (DAkkS) and vice versa. Both the UK Accreditation Regulations 2009 and EC 765/2008 aim to align accreditation practices. They require accreditation to be carried out against recognised standards, for example in the UK, those adopted by the British Standards Institution (BSI) as British Standards (BS) in the UK.  

What to watch out for

Organisations seeking ISO certification should ensure their chosen certification body is accredited by an official national accreditation body (such as UKAS in the UK). This accreditation guarantees that the certification process meets international standards and is recognised globally. Certificates issued by non-accredited bodies may be disregarded by clients and could negatively impact business growth and tender applications. By adhering to this accreditation framework, the UK and EU maintain a robust and internationally recognised system for ISO certifications, ensuring consistency, reliability, and global acceptance of certified management systems.  

Alternative Certification Bodies 

Whilst the IAF is considered the gold standard for certification internationally due to the close alignment and oversight of the government, there are alternative certification organisations which are independently accredited. Most notably, the Accreditation Service for Certifying Bodies (ASCB).  Whilst organisations accredited by ASCB may offer a cheaper and more accessible option for businesses to receive an ISO certification, it’s important to remember that in the UK Public Sector, they are not a recognised certification body.   

Summary

ISO standards are internationally agreed-upon guidelines and best practices developed by experts to address various aspects of business operations, product quality and management systems.  ISO Certification is a formal process where an independent body verifies an organisation’s compliance with a specific ISO standard. This certification provides evidence of adherence to international best practices and can enhance an organisation’s credibility and competitiveness, but organisations should exercise caution in choosing the appropriate certification route in order to ensure its acceptance by potential customers.    Useful Links:
  • https://www.ukas.com/accreditation/standards/certification-body-accreditation/  
  • https://www.ukas.com/  
  • https://www.iso.org/certification.html  
  • https://www.british-assessment.co.uk/ukas-accredited-body/  
  • https://www.ascb.com/  
 

Get expert ISO compliance support today.

Ready to accelerate growth with streamlined ISO compliance? Book your free, no obligation discovery call with one of our compliance experts below.

Book a Call with our Expert Team

Other Articles​

Loading...
How ISO 42001 Compliments Other Regulatory Frameworks

How ISO 42001 Compliments Other Regulatory Frameworks

Read More →

November 26, 2025

How to integrate ISO 42001 with other Management Systems

Read More →

October 8, 2025

FAQ: What is ISO 42001?

Read More →

September 26, 2025
8foldgovernance master

+44 (0) 1273 569172

info@8foldgovernance.com

SERVICES

  • AI Governance
  • Medical Device Registration
  • ISO Compliance
  • Full DTAC Support
  • Information Governance
  • Clinical Safety
  • Data Security & Protection
  • CQC Services
  • Cyber Security
  • 8foldTraining

LINKS

  • Contact
  • About
  • Meet The Team
  • Blog
  • Join Us
  • Case Studies
  • Charity Work
  • Partnerships
  • FAQs
DSPT Data Security And protection Toolkit 8Fold
Information Governance Badge 8 Fold
NPSORE
ABHI Member

 © 2026 8fold | Privacy Policy | Cookie Policy | Terms & Conditions

X We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Read More ACCEPT Cookie settings
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
Save & Accept